https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683472#M12469 <P>Hi</P><P>Could you verify that your local server is using HTTPS since the CSP will enforce upgrade to secure connection. This is by design after discussions with our Security Experts.</P><P>&nbsp;</P><P>And in the case of jsfiddle I think that the "IDE" is on that URL/Origin but the rendered viewport is in a IFRAME with some other URL/Origin (something like:&nbsp;<A href="https://fiddle.jshell.net" target="_blank">https://fiddle.jshell.net</A>)</P> Tue, 10 Mar 2020 20:28:25 GMT han 2020-03-10T20:28:25Z https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683350#M12464 <P>I'm trying to embed a sheet, created on my qlikcloud instance, into a custom web app that I'm hosting locally (localhost:8080) but I'm getting the error "Refused to display [url]&nbsp;in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' localhost:8080"."</P><P>&nbsp;</P><P>As you can see form the error I've added a CSP policy for frame-ancestor with the origin "localhost:8080" but it doesn't seem to work. I've tried the creating a policy with "<A href="https://jsfiddle.net" target="_blank">https://jsfiddle.net</A>" just to see if it's some weird issue with localhost but that didn't work either.</P><P>&nbsp;</P><P>I'm not sure if I'm misunderstanding how Qlik's CSPs work but it's seriously slowing me down.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020-03-10_10-42-43.png" style="width: 999px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/29829i551EE250CB0F8D15/image-size/large?v=v2&amp;px=999" role="button" title="2020-03-10_10-42-43.png" alt="2020-03-10_10-42-43.png" /></span></P> Sat, 16 Nov 2024 03:01:50 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683350#M12464 Adamkimm1 2024-11-16T03:01:50Z https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683472#M12469 <P>Hi</P><P>Could you verify that your local server is using HTTPS since the CSP will enforce upgrade to secure connection. This is by design after discussions with our Security Experts.</P><P>&nbsp;</P><P>And in the case of jsfiddle I think that the "IDE" is on that URL/Origin but the rendered viewport is in a IFRAME with some other URL/Origin (something like:&nbsp;<A href="https://fiddle.jshell.net" target="_blank">https://fiddle.jshell.net</A>)</P> Tue, 10 Mar 2020 20:28:25 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683472#M12469 han 2020-03-10T20:28:25Z https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683842#M12476 <P>Thanks Han! It was that my local server was on HTTP, rather than HTTPS. Not sure about the JSFiddle but not really interested at this point anymore.<BR /><BR />For anyone wondering, I was able to make my local server run on HTTPS by changing start script to&nbsp;"HTTPS=true react-scripts start" (note: this was using create-react-app).</P> Wed, 11 Mar 2020 15:16:25 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/1683842#M12476 Adamkimm1 2020-03-11T15:16:25Z https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/2414028#M19790 <P>Thanks a lot&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/108315">@Adamkimm1</a>&nbsp;</P> <P>&nbsp;</P> Fri, 02 Feb 2024 12:59:59 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Refuse-to-display-iFrame-due-to-frame-ancestor/m-p/2414028#M19790 david_hg96 2024-02-02T12:59:59Z